DETAILED ACTION 
Response to Amendment 

Claims 5-7 have been cancelled. Applicant's arguments/amendments with respect to 
previously pending claims 1-4 & 8-12 and newly added claims 13-18 filed 5/13/2011 have been 
fully considered. The arguments with regards to claims 1-4 and 8-12 have been fully considered 
but are not persuasive and newly added claims 13-18 which include features not previously 
claimed are moot in view of new grounds of rejection. The Examiner would like to point out that 
this action is made final (See MPEP 706.07a). 

Response to Argument 
Applicants contend that the combination of Taylor and Malcolm fails to teach a "firewall 
flexible device determines whether a network communication program is registered in the list of 
communication permitted programs, and if the network communication program is registered, 
the server port is registered in the internal permitted port storage." Examiner respectfully 
disagrees. Taylor teaches that a firewall determines whether a connection establishing 
packet, i.e. communication permitted programs, was received on a particular port that has been 
registered and if the packet including the connection request has been registered (col. 5, line 66 - 
col. 6, line 12). However, Taylor failed to teach where the internal permitted program storage 
list stores a list of programs which are permitted to have server ports registered by the firewall, 
where the firewall determines if the network communication program is registered in the list of 
programs. Malcolm was introduced since Malcolm teaches a firewall device which maintains a 
list of application programs that are attempting to connect to a particular server port, where 
application programs are added to the list and where the firewall determines whether the 
application program is registered in the list of programs stored (col. 9, lines 38-52). Furthermore, 
Examiner would like to note that Malcolm teaches that the firewall makes this determination 
based on its configuration (col. 9, lines 42-45). One of ordinary skill in the art at the time the 
invention was made would have been motivated to modify Taylor to include the aforementioned 
features in Malcolm since Malcolm suggests that maintaining a list of application programs 
which are permitted to access particular ports ensures that only authorized application programs 
gain access to the network in col. 7, lines 27-33 and col. 9, lines 38-52. Furthermore, Examiner 
would like to note that Examiner was unable to locate a particular definition in Applicant's 
disclosure for the term "firewall flexible device" and therefore this term has been given its 
broadest reasonable interpretation according to MPEP 2111. Thus, the combination of Taylor 
and Malcolm teaches/suggests firewall flexible device determines whether a network 
communication program is registered in the list of communication permitted programs, and if the 
network communication program is registered, the server port is registered in the internal 
permitted port storage. 

Applicants further note "Hence, a server port is automatically registered based on the 
determination of the firewall flexible device on whether the network communication program is 
registered in the program storage." Examiner respectfully disagrees. Furthermore, in response to 
applicant's argument that the references fail to show certain features of applicant's invention, it is 
noted that the features upon which applicant relies (i.e., a server port being automatically 
registered based on the determination of the firewall flexible device) are not recited in the 
rejected claim(s). Although the claims are interpreted in light of the specification, limitations 
from the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 
USPQ2d 1057 (Fed. Cir. 1993). Specifically, Examiner would like to note that the claimed 
language recites that extracted information about the server port that is registered in the internal 
permitted port storage when a firewall flexible device determines that a network communication 
program is registered. Nowhere does the claim recite that the firewall flexible device 
automatically registers a server port. 

Applicants further contend that Malcolm fails to teach or suggest "a registration of a 
server port in an internal permitted port storage based on whether a network communication 
program is registered in an internal permitted program storage as recited in the claims 
inventions." Applicants further continue to note "In other words, Malcolm is merely directed to 
control communication by setting up access rule including a destination port, not a server 
port." Examiner respectfully disagrees. Malcolm teaches that the disclosed computer may be a 
desktop computer or server, where in the embodiment that the computer is a server the port 
would be interpreted as a server port (col. 9, lines 14-16). Furthermore, Malcolm teaches the use 
of a firewall which contains rules to control access of various application programs to the 
Internet, i.e. internal permitted program storage, on predetermined ports, i.e. server port in an 
internal permitted port storage (col. 9, lines 25-37). Therefore, Malcolm teaches/suggests 
registration of a server port in an internal permitted port storage based on whether a network 
communication program is registered in an internal permitted program storage. 

Finally, Applicants contend that Malcolm (and Taylor) fail to teach or suggest "that a list 
of programs permitted to have server ports registered by a firewall is stored in an internal 
permitted program storage, where the internal permitted program storage adds a program to the 
list by extracting information about the programs for which communication is permitted by the 
firewall and registering the extracted information in the list, and determining whether the 
network communication program is registered in the list of programs stored in the internal 
permitted program storage, as included in the claimed invention." Examiner respectfully 
disagrees. Malcolm teaches that the disclosed computer may be a desktop computer or server, 
where in the embodiment that the computer is a server the port would be interpreted as a server 
port (col. 9, lines 14-16). Furthermore, Malcolm teaches the use of a firewall which contains 
rules to control access of various application programs to the Internet, i.e. internal permitted 
program storage, on predetermined ports, i.e. server port in an internal permitted port storage 
(col. 9, lines 25-37). Regarding extracting information about the ports registered by the firewall, 
Examiner would like to note that Taylor was relied upon for this feature. More specifically, 
Taylor teaches an internal permitted program storage for extracting information about a program 
for which communication is permitted by the firewall, and registering the extracted information 
(col.5, line 66 - col. 6, line 12); an internal permitted port storage registering the extracted 
information about the server port if the network communication program extracted from the 
information about the server port is registered in the internal permitted program storage (col. 6, 
lines 13-25). Examiner would like to note that "extracting information" is broad and is therefore 
given the broadest reasonable interpretation according to MPEP 2111. Also, in response to 
applicant's arguments against the references individually, one cannot show nonobviousness by 
attacking references individually where the rejections are based on combinations of references. 
See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 
231 USPQ 375 (Fed. Cir. 1986). Therefore, the combination of Taylor and Malcolm teaches that 
a list of programs permitted to have server ports registered by a firewall is stored in an internal 
permitted program storage, where the internal permitted program storage adds a program to the 
list by extracting information about the programs for which communication is permitted by the 
firewall and registering the extracted information in the list, and determining whether the 
network communication program is registered in the list of programs stored in the internal 
permitted program storage. 

Examiner suggests that Applicants incorporate language into the claims which include 
the novelty of their invention over the cited prior arts. Specifically, various areas Applicants 
may want to focus on when incorporating language into the claims could include the specifics of 
how the firewall device is flexible over conventional firewalls by incorporating features from the 
disclosure. Examiner encourages Applicants to include language that they believe would be 
patentably distinct over the cited prior art, in a manner that the points argued and the novelty of 
the invention are actually claimed. 

Due to the reasons stated above, the Examiner maintains rejections with respect to the 
pending claims. The prior arts of records taken singly and/or in combination teach the limitations 
that the Applicant suggests distinguish from the prior art. Therefore, it is the Examiner's 
conclusion that the pending claims are not patentably distinct or non-obvious over the prior art of 
record as presented. 
Claim Objections 

Claims 15-18 are objected to because of the following informalities: line 3 of each of 
these claims makes reference to a "sever port" where Examiner believes Applicants intended to 
claim a "server port." Appropriate correction is required. 



Claim Rejections - 35 USC § 103 
I. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

II. Claims 1, 4, and 10-12 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Taylor et al., US Patent No. 6,728,885 and further in view of Malcolm, US Patent No. 7,146,638. 
As per claims 1, 4, and 10: 

Taylor et al. substantially teach a network security system/method/computer-readable 
recording medium comprising: a port monitoring unit for extracting information about a server 
port being used by a network communication program (col. 5, lines 33-36); an internal permitted 
program storage for extracting information about a program for which communication is 
permitted by the firewall, and registering the extracted information (col. 5, line 66 - col. 6, line 
12); an internal permitted port storage registering the extracted information about the server port 
if the network communication program extracted from the information about the server port is 
registered in the internal permitted program storage (col. 6, lines 13-25); and wherein the firewall 
flexible device further determines whether a destination port of a packet of inbound traffic has 
been registered in the internal permitted port storage and blocks the packet of inbound traffic if 
the destination port has not been registered (col. 5, line 66 - col. 6, line 20; col. 10, line 57 - col. 
11, line 3; and Fig. 4, elements 303, 311, & 321). 

Not explicitly disclosed is where the internal permitted program storage stores a list of 
programs permitted to have server ports registered by the firewall, wherein the internal permitted 
program storage adds a program/program information to the list and a firewall flexible device for 
determining whether the network communication program is registered in the list of programs 
stored in the internal permitted program storage, where the firewall flexible device determines 
that the network communication program is registered in the list of programs. However, 
Malcolm teaches a firewall device maintaining a list of application programs that are attempting 
to connect to a particular server port, where application programs are added to the list and where 
the firewall determines whether the application program is registered in the list of programs 
stored (col. 9, lines 38-52). Therefore, it would have been obvious to a person in the art at the 
time the invention was made to modify the method disclosed in Taylor et al. to store a list of 
permitted programs registered by the firewall and to have the firewall determine whether the 
network communication program is registered in the list of programs stored in the internal 
permitted program storage. This modification would have been obvious because a person having 
ordinary skill in the art, at the time the invention was made, would have been motivated to do so 
since Malcolm suggests that maintaining a list of application programs which are permitted to 
access particular ports ensures that only authorized application programs gain access to the 
network in col. 7, lines 27-33 and col. 9, lines 38-52. 



Application/Control Number: 10/582,127 

Art Unit: 2494 

As per claims 11-12: 

Taylor et al. and Malcolm substantially teach the network security system/method as set 
forth in claims 1 and 4. Furthermore, Taylor et al. teach wherein the firewall flexible device 
allows the packet of inbound traffic to bypass the firewall if the destination port has been 
registered (col. 10, line 63 - col. 11, line 15). 

III. Claims 2-3 and 8-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Taylor et al., US Patent No. 6,728,885 and Malcolm, US Patent No. 7,146,638 as applied to 
claims 1 and 4 above, and further in view of Yadav, US Pub. No. 2003/0149887. 
As per claims 2 and 8: 

Taylor et al. and Malcolm substantially teach the network security system as set forth in 
claims 1 and 4. Furthermore, Taylor et al. teach wherein the information about the program 
includes information about the program name (col. 5, lines 18-65). Not explicitly disclosed is 
wherein the information about the program, which is extracted and registered in the internal 
permitted program storage, includes information about an entire path of the program, and a 
program hash value. However, Yadav teaches that an application communicating over a network 
may be identified by its entire path and message digest hash value (par. 45). Therefore, it would 
have been obvious to a person in the art at the time the invention was made to modify the method 
disclosed in Taylor et al. to register the entire path of the program, in addition to an MD5 hash 
value in the internal permitted program storage. This modification would have been obvious 
because a person having ordinary skill in the art, at the time the invention was made, would have 
been motivated to do so since Yadav suggests that the file path and the hash value may be used 
in successfully identifying an application and determining if the application is authorized or not 
for intrusion detection purposes in par. 46. 
As per claims 3 and 9: 

Taylor et al. and Malcolm substantially teach the network security system as set forth in 
claims 1 and 4. Furthermore, Taylor et al. teach where the information about the server port 
stored in the internal permitted port storage includes a protocol and a port (col. 7, lines 4-67). 
Not explicitly disclosed is wherein the information about the server port, which is registered in 
the internal permitted port storage, includes information about at least one of an entire path of the 
program. However, Yadav teaches that an application communicating over a network may be 
identified by its entire path (par. 45). Therefore, it would have been obvious to a person in the 
art at the time the invention was made to modify the method disclosed in Taylor et al. to register 
the entire path of the program in the internal permitted program storage. This modification 
would have been obvious because a person having ordinary skill in the art, at the time the 
invention was made, would have been motivated to do so since Yadav suggests that the file path 
may be used in successfully identifying an application and determining if the application is 
authorized or not for intrusion detection purposes in par. 46. 

IV. Claims 13-18 are rejected under 35 U.S.C. 103(a) as being unpatentable over Taylor et 
al., US Patent No. 6,728,885 and Malcolm, US Patent No. 7,146,638 as applied to claims 1, 4, 
and 10 above, and further in view of Kokado, US Pub. No. 2003/0115327. 
As per claims 13, 15, and 17: 

Taylor et al. and Malcolm substantially teach the network security system as set forth in 
claims 1, 4, and 10. Not explicitly disclosed is wherein the internal permitted port storage 
registers the extracted information about the server port if the server port is determined to be 
opened. However, Kokado et al. teach that various information regarding a server port is 
registered once it is determined that the server port is opened (par. 197). Therefore, it would have 
been obvious to a person in the art at the time the invention was made to modify the method 
disclosed in Taylor et al. to register the entire path of the program in the internal permitted 
program storage. This modification would have been obvious because a person having ordinary 
skill in the art, at the time the invention was made, would have been motivated to do so since 
Kokado et al. suggest monitoring the network for opened/closed services/server ports in order to 
keep track of available and unavailable services in par. 197. 
As per claims 14, 16, and 18: 

Taylor et al. and Malcolm substantially teach the network security system as set forth in 
claims 1, 4, and 10. Not explicitly disclosed is wherein the extracted information about the 
server port is deleted from the internal permitted port storage registers the extracted information 
about the server port if the server port is determined to be closed. However, Kokado et al. teach 
that various information regarding a server port is deleted once it is determined that the server 
port/service is no longer available (par. 197). Therefore, it would have been obvious to a person 
in the art at the time the invention was made to modify the method disclosed in Taylor et al. to 
register the entire path of the program in the internal permitted program storage. This 
modification would have been obvious because a person having ordinary skill in the art, at the 
time the invention was made, would have been motivated to do so since Kokado et al. suggest 
monitoring the network for opened/closed services/server ports in order to keep track of 
available and unavailable services in par. 197. 
Conclusion 

Applicant's amendment adding new claims 13-18 necessitated the new ground(s) of 
rejection presented in this Office action with regards to those particular claims (where the 
arguments presented in regards to previously presented claims were not persuasive). 
Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is 
reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Nadia Khoshnoodi whose telephone number is (571) 272-3825. 
The examiner can normally be reached on M-F: 8:00-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jay Kim can be reached at (571) 272-3804. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 



/Nadia Khoshnoodi/ 
Examiner, Art Unit 2437 
7/15/2011 

NK 

/Jung Kim/ 

Supervisory Patent Examiner, Art Unit 2494 



